Update `go-blockdevice` library:
- https://github.com/siderolabs/go-blockdevice/pull/56
Also add a note on the org rename to the release notes.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
This is the follow-up fix to the PR #5129.
1. Correctly catch only expected errors in the tests.
2. Rewind the snapshot each time the upload is retried.
3. Correctly unwrap errors in the `EtcdRecovery` client.
4. Update the `grpc-proxy` library to pass through the EOF error.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
No actual change to the dependencies, simply using released versions of
Go modules.
Also bump containerd to 1.6.1 (it should have gone with containerd
1.6.1).
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
Set memory/cpu resource reservation for system processes.
It helps system processes to allocate memory on memory pressure
situation.
Signed-off-by: Serge Logvinov <serge.logvinov@sinextra.dev>
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
Newest version of github.com/mdlayher/arp backed by the improved
https://github.com/mdlayher/packet package. There's no stable release
of arp yet but I'd like to get back around to that now that I'm stabilizing underlying pieces.
Signed-off-by: Matt Layher <mdlayher@gmail.com>
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
Use same `talosnet` method as in the actual filtering code.
See also https://github.com/talos-systems/net/pull/9
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
Containerd doesn't support merging plugin configuration from multiple
sources, and Talos has several pieces which configure CRI plugin:
(see https://github.com/containerd/containerd/issues/5837)
* base config
* registry mirror config
* system extensions
* ...
So we implement our own simple way of merging config parts (by simply
concatenating text files) to build a final `cri.toml`.
At the same time, containerd migrated to a new format to specify registry
mirror configuration, while the old way (via CRI config) is going to be
removed in 1.7.0. The new way also allows applying most of the registry
configuration (except for auth) on the fly.
Also, containerd was updated to 1.6.0-rc.0 and runc to 1.1.0.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
This provides a better way to access IMDS APIs (new IMDS API version,
etc.)
Using `aws-go-sdk` vs. new `aws-go-sdk-v2` as `go-getter` depends on
`v1` version.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
These are guess artifacts from the time Talos tried to auto-detect the
platform it is running on.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
Fixes #4693
Machine configuration change plus very simple controllers which transform
config into the module spec and finally load modules.
There's no support for advanced features like module params and aliases,
but we can add it later.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
Due to using same config value for comparison and rewriting patched
configs, immediate apply mode was always no-op.
Fix that by properly deep copying the config.
Bug was only introduced in `master` with refactoring.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
We used it only once, but the library compiles many regexps as global
variables which we don't need.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
Update Go modules to the latest versions including talos-systems/
released modules.
In preparation for 0.14-beta release.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
It was implemented to support Firecracker which wasn't able to load
compressed Linux kernels.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
As SideroLink addresses are ephemeral and point-to-point, filter them
out for node addresses, Kubelet, etcd, etc.
Fixes #4448
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
This controller is enabled when `talos.logging.kernel=` kernel arg is
passed. It will try to send logs to the endpoint as JSON-over-TCP (or
UDP-over-TCP, depends on the endpoint) as structured messages.
Example (from test implementation):
```
2021-11-26T19:53:21.912+0300 INFO siderolink-agent/log_receiver.go:23 kernel log message {"src_address": "fdae:41e4:649b:9303:680a:dfab:f7fa:ea00", "msg": {"clock":6252819,"facility":"user","msg":"[talos] task startAllServices (1/1): waiting for 6 services\n","priority":"warning","seq":711,"talos-level":"warn","talos-time":"2021-11-26T16:53:21.3258698Z"}}
```
Fixes #4455
See also https://github.com/talos-systems/siderolink/pull/4
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
Still no proper tags for Kubernetes modules (known issue upstream).
Also bump dependencies.
Closes #4605, closes #4606
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
Next blockdevice library release reads MBR along with GPT and raises
an error if GPT is not set.
Signed-off-by: Artem Chernyshev <artem.chernyshev@talos-systems.com>
Related to #4448
The only remaining part is filtering out SideroLink addresses when Talos
looks for a node address.
See also https://github.com/talos-systems/siderolink/pull/2
The way to test it out:
```
$ talosctl cluster create ... --extra-boot-kernel-args siderolink.api=172.20.0.1:4000
```
(where 172.20.0.1 is the bridge IP)
Run `siderolink-agent` (test implementation):
```
$ sudo _out/siderolink-agent-linux-amd64
```
Now on the host, there should be a `siderolink` Wireguard userspace
tunnel:
```
$ sudo wg
interface: siderolink
  public key: 2aq/V91QyrHAoH24RK0bldukgo2rWk+wqE5Eg6TArCM=
  private key: (hidden)
  listening port: 51821

peer: Tyr6C/F3FFLWtnzqq7Dsm54B40bOPq6++PTiD/zqn2Y=
  endpoint: 172.20.0.1:47857
  allowed ips: fdae:41e4:649b:9303:b6db:d99c:215e:dfc4/128
  latest handshake: 2 minutes, 2 seconds ago
  transfer: 3.62 KiB received, 1012 B sent
...
```
Each Talos node will be registered as a peer, and the tunnel is established.
You can now ping Talos nodes from the host over the tunnel:
```
$ ping fdae:41e4:649b:9303:b6db:d99c:215e:dfc4
PING fdae:41e4:649b:9303:b6db:d99c:215e:dfc4(fdae:41e4:649b:9303:b6db:d99c:215e:dfc4) 56 data bytes
64 bytes from fdae:41e4:649b:9303:b6db:d99c:215e:dfc4: icmp_seq=1 ttl=64 time=0.352 ms
64 bytes from fdae:41e4:649b:9303:b6db:d99c:215e:dfc4: icmp_seq=2 ttl=64 time=0.437 ms
```
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
Fixes #4407, fixes #4489
This PR started by enabling simple restart of the `kubelet` service via
services API, but it turned out there's a problem:
When kubelet restarts, CNI is already up, so there's an interface on the
host with CNI node IP, the code which picks kubelet node IP finds it and
tries to add it to the list of kubelet node IPs which completely breaks
kubelet.
Solution was easy: allow node IPs to be filtered out - e.g. we never
want kubelet node IP to be from the pod CIDR.
But this filtering feature is also useful in other cases, so I added
that as well.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>